cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ISE integration with MX firewall

Highlighted
Getting noticed

ISE integration with MX firewall

Hello,

 

I am not sure if we can direct Meraki MX to look at ISE, and ISE to look at some database (users, auths, etc...? Access points currently installed are Cisco Aironet. I am trying to see what can/cannot ISE do with Mereki MX firewalls?

HM
8 REPLIES 8
Highlighted
Kind of a big deal

Re: ISE integration with MX firewall

ISE is a RADIUS server.  So you could use it for client VPN authentication.  You could use it for splash page authentication.  Can't think of anything else using RADIUS.

Highlighted
Getting noticed

Re: ISE integration with MX firewall

Thanks, so MX with splash page for guest wireless users (aironet ap's) can integrate with ISE to collect and show data? I am trying to determine the integrity MX has with ISE.
HM
Highlighted
Meraki Employee

Re: ISE integration with MX firewall

You can use ISE as a RADIUS server for 802.1x/EAP-on-LAN on the small branch MXs that support 802.1x on their LAN ports.  The RADIUS for splash page, the splash pages are actually served from the dashboard shard infrastructure.  Hence the RADIUS request actually comes from the dashboard, not the MX. 

Highlighted
Kind of a big deal

Re: ISE integration with MX firewall

> that support 802.1x on their LAN ports

 

Note this is only the older small MXs ...

Highlighted
Getting noticed

Re: ISE integration with MX firewall

What are the "older small MXs?" the 64's?

Highlighted
Kind of a big deal

Re: ISE integration with MX firewall

>What are the "older small MXs?" the 64's?

 

MX64 and MX65 can do 802.1x on their LAN ports.  The newer MX67 and MX68 can not.

Highlighted
Getting noticed

Re: ISE integration with MX firewall

I haven't been great about keeping up with all what models are available. I saw a couple other posts that talked about certain MXs not be able to do 802.1x and wasn't sure. Thanks for helping make it clearer for me.

Highlighted
Getting noticed

Re: ISE integration with MX firewall

 

All MX models support a splash page that authenticates against a RADIUS server. Enable the splash page and set it to authenticate against the ISE RADIUS server.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Configuring_RADIUS_A...

 

 

The MX64, MX65, MX64W, and MX65W support access policies including 802.1x. You can point the MX to authenticate the ports against the ISE RADIUS server:

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)

 

 

You can see the matrix of compatibility for MX on the document here:

https://community.cisco.com/t5/security-documents/how-to-integrate-meraki-networks-with-ise/ta-p/361...

Colin Lowenberg
wireless engineer and startup founder, formerly known as "the API guy", now I run a Furapi, the therapy dog service, and Lowenberg Labs, an IT consulting company.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.